CVE-2023-26258

Posted on by admin

CVE-2023-26258

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.

Source: CVE-2023-26258

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다